Microsoft releases a patch for a SharePoint 0-day RCE flaw exploited globally on thousands of on-prem servers and says SharePoint 2016 updates are in the works
Microsoft Corp. warned that hackers are actively targeting customers of its document management software SharePoint …
Bloomberg
Related Coverage
- Customer guidance for SharePoint vulnerability CVE-2025-53770 Microsoft Security Response Center
- Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) CISA
- SharePoint 0-day uncovered (CVE-2025-53770) Eye Research
- Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks BleepingComputer · Lawrence Abrams
- Microsoft alerts businesses, governments to server software attack Reuters
- Microsoft SharePoint Server Spoofing Vulnerability NewRecently updated Microsoft Security Response Center
- Microsoft Sharepoint server vulnerability puts an estimated 10,000 organizations at risk Engadget · Steve Dent
- Microsoft Confirms Global SharePoint Attack — Emergency Update Issued Forbes · Davey Winder
- Microsoft Fix Targets Attacks on SharePoint Zero-Day Krebs on Security · Brian Krebs
- Microsoft is Fixing Security Flaws Targeting On-Premises SharePoint Servers Thurrott · Laurent Giret
- Microsoft SharePoint servers are under attack because of a major security flaw The Verge · Jess Weatherbed
- Update now! Microsoft SharePoint is actively being exploited by hackers PCWorld · Michael Crider
- Microsoft Releases Urgent Fix for Sharepoint Vulnerability Being Used in Global Cyberattacks Inc
- New zero-day bug in Microsoft SharePoint under widespread attack TechCrunch · Zack Whittaker
- Microsoft releases emergency security updates to fix SharePoint zero-day flaws — everything you need to know Tom's Guide · Amber Bouman
- Microsoft SharePoint hack: An active cybersecurity incident could impact tens of thousands of servers Fast Company · Grace Snelling
- Microsoft Emergency Server Update Not Enough To Stop Attacks Forbes · Davey Winder
- Microsoft SharePoint servers under attack via zero-day vulnerability (CVE-2025-53770) Help Net Security · Zeljka Zorz
- 10,000+ companies at risk from Microsoft Sharepoint security flaw 9to5Mac · Ben Lovejoy
- Microsoft alerts users of global hack targeting SharePoint WPXI-TV
- Hackers use Microsoft security flaw to commit global assault UPI · Ian Stark
- Microsoft releases emergency fix for Sharepoint after cyberattacks CBS News
- Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers The Hacker News
- Microsoft releases urgent fix for SharePoint zero-day vulnerability Mashable · Meera Navlakha
- New Microsoft SharePoint exploit patched in emergency security update Notebookcheck · Rohith Bhaskar
- Most Teens Now Trust AI More Than Their Parents implicator.ai · Marcus Schuler
- Worldwide cyberattack underway as hackers exploit Microsoft SharePoint zero-day vulnerability TechSpot · Skye Jacobs
- Global hack on Microsoft product hits U.S., state agencies, researchers say Washington Post
- CISA Warns of Microsoft SharePoint Server 0-Day RCE Vulnerability Exploited in Wild Cyber Security News · Guru Baran
- Massive cyber attack against Microsoft - Thousands of servers worldwide at risk ProtoThema English
- Microsoft product hack hits US government, state agencies in global cyberattack Cryptopolitan · Nellius Irene
- Microsoft issues alert for possible cyberattack targeting server software used by governments, businesses Livemint
- Microsoft SharePoint zero-day exploited in RCE attacks, no patch available BleepingComputer · Lawrence Abrams
- Microsoft patches failed to fix on-prem SharePoint, which is now under zero-day attack The Register · Iain Thomson
- ACSC alerts to exploited MS SharePoint remote code execution flaw iTnews · Juha Saarinen
- Active attacks target Microsoft SharePoint zero-day affecting on-premises servers SiliconANGLE · Duncan Riley
- Microsoft Server Software Comes Under Widespread Cyberattack Bloomberg Law
- Critical Sharepoint 0-Day Vulnerablity Exploited CVE-2025-53770 (ToolShell), (Sun, Jul 20th) SANS Internet Storm Center, InfoCON
- Microsoft Confirms Ongoing Mass SharePoint Attack — No Patch Available Forbes · Davey Winder
- SharePoint zero day under mass attack: Microsoft scrambles to patch CVE-2025-53770. The Stack · Edward Targett
- Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More Cyber Security News · Guru Baran
- Pretty awesome that Trump has gutted CISA. — https://www.washingtonpost.com/ ... @funnymonkey@freeradical.zone
- WaPo reports that cybercrooks are using a zero-day vulnerability in Microsoft Sharepoint to pwn organizations. There is no official patch for the flaw at the moment, and experts quoted in the story said they saw evidence that attackers are trying to target vulnerable systems before a patch is available. … @briankrebs@infosec.exchange · BrianKrebs
- Government Sharepoint sites all getting walloped on a Sunday afternoon with a zero day is going to make Monday more interesting. — Microsoft has not issued a patch yet. … Shane Morris
- For organizations using Microsoft products, please be aware of this SharePoint vulnerability, as numerous organizations have already been breached. … Bryan Law
- There is a serious vulnerability in Sharepoint on premise being actively compromised this weekend. Our team scanned over 8000+ SharePoint servers worldwide. … Job Kuijpers
- Microsoft is aware of active attacks targeting on-premises SharePoint Server customers. The attacks are exploiting a variant of CVE-2025-49706. … Ann Johnson
- **Security Alert** for organizations with on-premises SharePoint — Microsoft is aware of active attacks targeting on-premises SharePoint Servers with a vulnerability assigned as CVE-2025-53770. … Steve Faehl
- Global hack on Microsoft product hits U.S., state agencies, researchers say Hacker News
Discussion
-
NewsMax.com
Brian Freeman
on x
Hackers Penetrate Another Microsoft Product
-
@ericjgeller.com
Eric Geller
on bluesky
Cyber community is on alert after the revelation of a major vulnerability in Microsoft SharePoint that's being exploited globally, w/ victims incl. govt agencies & infrastructure operators. — Initial disclosure: research.eye.security/sharepoint- u... MSFT guidance: msrc.micros…
-
@justinhendrix
Justin Hendrix
on bluesky
“Hackers exploited a major security flaw in widely used Microsoft server software to launch a global attack on government agencies and businesses in the past few days, breaching U.S. federal and state agencies, universities, energy companies and an Asian telecommunications compan…
-
@girlgerms.wtf
Jess ‘GirlGerms’ Dodson
on bluesky
Trying not to let work and personal bleed too much into eachother, but want to make sure this gets out and has good reach. — If you've got on-prem SharePoint, please go do the things, because this is *nasty*: msrc.microsoft.com/blog/2025/ 07...
-
@yvonnewingett
Yvonne Wingett Sanchez
on bluesky
Global hack on Microsoft product hits U.S., state agencies, researchers say Unknown attackers exploited a “significant vulnerability” in Microsoft's SharePoint collaboration software, hitting targets around world. www.washingtonpost.com/technology/ 2... w/ @ellenwapo.bsky.social …
-
@joemenn
Joseph Menn
on bluesky
A global zero-day attack on common SharePoint server software from Microsoft has breached hundreds or thousands of organizations worldwide, including some federal and state agencies, we report at the Post. It started with a bad patch. Gift link: wapo.st/3TRrqcP
-
@shadowserver
@shadowserver
on bluesky
Alert: SharePoint CVE-2025-53770 incidents! In collaboration with Eye Security & watchTowr we are notifying compromised parties. See: research.eye.security/sharepoint- u... ~9300 Sharepoint IPs seen exposed daily (population, no vulnerability assessment): dashboard.shadowserve…
-
@campuscodi.risky.biz
Catalin Cimpanu
on bluesky
There's a new Microsoft SharePoint zero-day getting exploited right now: CVE-2025-53770 — msrc.microsoft.com/blog/2025/ 07...
-
@msftsecresponse
@msftsecresponse
on x
Update on CVE-2025-53770: Microsoft has released a security update for SharePoint Subscription Edition to mitigate active attacks targeting on-premises servers. SharePoint Online is not affected. Customers should apply the update immediately. We are actively working on updates
-
@msftsecresponse
@msftsecresponse
on x
Microsoft is aware of active attacks targeting on-premises SharePoint Server customers, exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. We have outlined mitigations and detections in our blog. Our team is working urgently to release…
-
@cisacyber
@cisacyber
on x
Malicious actors are exploiting RCE vulnerability CVE-2025-53770 to compromise on-prem SharePoint servers. See our Alert for info & mitigations on exploitation activity, known as #ToolShell. 👉 https://go.dhs.gov/iZZ [image]
-
@cisacyber
@cisacyber
on x
We added Microsoft SharePoint server remote code execution vulnerability CVE-2025-53770 to our Known Exploited Vulnerabilities Catalog. Visit https://go.dhs.gov/Z3Q & apply mitigations to protect your org from cyberattacks. #ToolShell [image]
-
@irsdl
Soroush Dalili
on x
Well it was possible to bypass the auth patch easily as even a slash after .aspx would jump the check but https://msrc.microsoft.com/... means that there must be a new deserialisation gadget now? According to MS a file is being created and according to @watchtowrcyber machinekey …
-
@bertjancyber
Bert-Jan
on x
Sorry to disturb your weekend. There is a SharePoint 0day actively abused. Do not only focus on the rule of MSRC for hunting, other blogs also share different files and folders in use! Additional info: MSRC: https://msrc.microsoft.com/... Blog by @eyesecurity_: https://research.e…
-
@blackorbird
@blackorbird
on x
ToolShell Mass Exploitation (CVE-2025-53770) Stealing machine keys to maintain persistent access SharePoint -> The exchange server is the next target https://research.eye.security/ ... [image]
-
@deitaone
@deitaone
on x
*HACKERS ATTACKED GOVT AGENCIES, BUSINESSES IN RECENT DAYS: WAPO *HACKERS EXPLOITED FLAW IN MICROSOFT SERVER SOFTWARE: WAPO $MSFT
-
@uk_daniel_card
@uk_daniel_card
on x
If you have a SharePoint (hosted or on-premise) please read this! https://research.eye.security/ ...
-
@unit42_intel
@unit42_intel
on x
On July 19, Microsoft issued guidance on CVE-2025-53770, a variant of CVE-2025-49706. At the time of posting, a patch is not available. Learn more about Microsoft's customer guidance as the situation evolves: https://msrc.microsoft.com/...
-
@nakashimae
Ellen Nakashima
on x
NEW: Global hack on governments and businesses using Microsoft SharePoint servers hits U.S., state agencies, researchers say https://www.washingtonpost.com/ ...
-
@shadowserver
@shadowserver
on x
Alert: SharePoint CVE-2025-53770 incidents! In collaboration with @eyesecurity & @watchtowrcyber we are notifying compromised parties. Read: https://research.eye.security/ ... ~9300 Sharepoint IPs seen exposed daily (just population, no vulnerability assessment): https://dashboar…
-
r/cybersecurity
r
on reddit
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks
-
r/blueteamsec
r
on reddit
Customer guidance for SharePoint vulnerability CVE-2025-53770 | Microsoft is aware of active attacks targeting on-premises SharePoint Server customers. …